CN107105060B - Method for realizing information security of electric automobile - Google Patents
Method for realizing information security of electric automobile Download PDFInfo
- Publication number
- CN107105060B CN107105060B CN201710391299.1A CN201710391299A CN107105060B CN 107105060 B CN107105060 B CN 107105060B CN 201710391299 A CN201710391299 A CN 201710391299A CN 107105060 B CN107105060 B CN 107105060B
- Authority
- CN
- China
- Prior art keywords
- vehicle
- key
- data
- information security
- security gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40267—Bus for use in transportation systems
- H04L2012/40273—Bus for use in transportation systems the transportation system being a vehicle
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a method for realizing information security of an electric vehicle, which is characterized in that a vehicle-mounted information system and an in-vehicle ECU (electronic control unit) are isolated by an electric vehicle information security gateway, the in-vehicle ECU communicates with an information security gateway through a CAN (controller area network) bus, and the information security gateway communicates with the vehicle-mounted information system through Ethernet; the information security gateway and the vehicle-mounted information system are subjected to identity authentication when communication starts, a key is dynamically negotiated after the identity authentication, and the negotiated key is used for carrying out encryption/decryption processing and data integrity verification on interactive data in the communication process. The invention ensures the safety and reliability of the communication between the vehicle-mounted information system and the ECU in the vehicle through the identity authentication when the communication between two communication parties starts, the data encryption and the data integrity authentication in the communication process, is suitable for the embedded platform with less resources and without being connected with a PKI system, and ensures that the life and property safety problem of a vehicle owner can not occur due to hacker attack under the condition of vehicle networking of the electric vehicle.
Description
Technical Field
The invention relates to a method for realizing information security of an electric automobile, and belongs to the technical field of new energy automobiles.
Background
The popularization and application of new energy automobiles and internet of vehicles technology are the trend of the development of the automobile industry. The electric automobile is a representative of new energy automobiles and occupies more than 60% of the sales volume of the new energy automobiles. At present, the popularization and application of the car networking technology are mainly embodied on vehicle-mounted information systems, such as idrvie of BMW, SYNC of Ford, MMI system of Audi, DS CONNECT system of Citroen and the like. In the case of the internet of vehicles, the systems are likely to be intermediate devices for external attack on the vehicles or monitoring vehicle information. Once a hacker can install a malicious APP in the vehicle-mounted information system or obtain the ROOT authority of the vehicle-mounted operating system, it is likely that the hacker can successfully hijack the automobile, which causes great harm. In the case of the car networking, the car as a network terminal similar to a PC is very costly and almost impossible to implement by means of software or hardware to avoid the attack, so it becomes very important to ensure the information security of the communication between the vehicle information system and the ECU in the car.
At present, advanced vehicle-mounted information systems are installed in high-quality automobiles produced by famous automobile factories such as BMW, Cleisler, Audi and the like, control of windows and doors is supported through the vehicle-mounted information systems, automatic parking is supported, but a good method for guaranteeing information safety of the automobiles is not provided, most automobile factories are not aware of importance of information safety of the automobiles under the condition of automobile networking, and safety measures are rarely taken to guarantee information safety of the automobiles. Domestic related scientific research institutions and enterprises do not have effective technology for guaranteeing the information safety of automobiles.
Automobile manufacturers and scientific research institutions generally provide 7 types of technologies to improve information security of the internet of vehicles, but the highest security is that data security is protected through SSL standard when the internet is connected, and identity authentication is realized through certificates. But SSL source code is large and is not currently feasible to be certified for each vehicle.
Disclosure of Invention
The invention aims to solve the problems in the prior art, provides a method for realizing information security of an electric automobile, realizes identity authentication and data encryption of both communication parties on an embedded platform, has small resource requirement and good security, and can well solve the information security problem of the electric automobile under the condition of the current Internet of vehicles.
In order to achieve the purpose, the invention adopts the following technical means: a method for realizing information security of an electric vehicle is characterized in that a vehicle-mounted information system and an in-vehicle ECU (electronic control unit) are isolated by an electric vehicle information security gateway, the in-vehicle ECU communicates with an information security gateway through a CAN (controller area network) bus, and the information security gateway communicates with the vehicle-mounted information system through Ethernet; the information security gateway and the vehicle-mounted information system are subjected to identity authentication when communication starts, a key is dynamically negotiated after the identity authentication, and the negotiated key is used for carrying out encryption/decryption processing and data integrity verification on interactive data in the communication process.
Further, the vehicle-mounted information system is physically isolated from the in-vehicle ECU through the electric vehicle information security gateway, when the vehicle-mounted information system is communicated with the in-vehicle ECU, identity authentication is firstly carried out on the vehicle-mounted information system and the in-vehicle ECU, the vehicle-mounted information system is responsible for communicating with the in-vehicle ECU, a public key of the vehicle-mounted information system and a signature of the public key are sent to the information security gateway, the information security gateway decrypts the signature, whether the decrypted public key is consistent with the received original public key or not is verified, if so, the identity authentication is passed, and similarly, the vehicle-mounted information system can carry out identity authentication on the information security gateway; after the identity authentication is passed, the two communication parties negotiate an encryption key and an integrity check key of data communication of the two communication parties through the authenticated asymmetric key, and a session ID number is transmitted in the identity authentication process, so that the key needs to be bound with the session ID number; when the ECU in the vehicle sends data to the outside, the information security gateway receives the data through the CAN bus, performs integrity authentication on the data, then encrypts the data through a negotiated secret key, and finally transmits the data to the vehicle-mounted information system through the Ethernet interface; when the information security gateway receives data through the Ethernet interface, the data is decrypted first, integrity verification is carried out on the data after decryption, and if verification is passed, the data is sent out through the CAN bus; otherwise, the data is discarded.
Further, the identity authentication is realized by adopting an asymmetric key with a signature.
Furthermore, the signature is realized by a pair of asymmetric keys which are trusted by the information security gateway and the vehicle-mounted information system, wherein the private key is used for signing the identities of the two communication parties, and the public key is used for verifying that the identities of the two communication parties are signed.
Furthermore, the identity authentication is that both communication parties need to authenticate own identities through a pair of asymmetric keys, and a task in charge of communication with an electric vehicle information security gateway in a vehicle-mounted information system is identified by a unique pair of asymmetric keys.
Further, the dynamic negotiation key is encrypted by adopting an RSA encryption algorithm. The negotiated keys include a data encryption key and a data integrity check key.
Furthermore, the data encryption method is a 3DES encryption algorithm. The integrity check algorithm is an HMAC-MD5-128 algorithm. When data is output, integrity check calculation is carried out on the data, the calculated MAC value is added with the head of the value data message, then the data (including the MAC of the head) is encrypted by using a 3DES algorithm, the head information of a security layer is added after the data is encrypted, and then the data is sent to the next layer for processing.
Further, the next layer refers to a transport layer in the TCP/IP model.
Further, when the receiving side finds an authentication error and a MAC/decryption error, it is necessary to send a fatal error message to the transmitting side and close the connection.
The invention has the beneficial effects that: the safety, reliability and confidentiality of the communication between the vehicle-mounted information system and the ECU in the vehicle can be ensured through the identity authentication when the communication between the two communication parties starts, the data encryption and the data integrity authentication in the communication process. The method is particularly suitable for an embedded platform which has less resources and is not connected with a PKI system, and can ensure that the safety of life and property of an automobile owner can not be caused by hacker attack under the condition of the Internet of vehicles by ensuring the safety and reliability of the communication between the vehicle-mounted information system and the ECU in the automobile.
Drawings
The invention is further illustrated with reference to the following figures and examples.
Fig. 1 is a schematic diagram of an architecture of information security of an electric vehicle according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a relationship between a security layer and a communication protocol provided in the embodiment of the present disclosure;
fig. 3 is a flowchart of a handshake process when two communication parties establish a connection according to an embodiment of the present invention;
fig. 4 is a flowchart of data packet output processing in a communication process according to an embodiment of the present invention;
fig. 5 is a diagram of a packet encapsulation structure between a security layer and a transport layer according to an embodiment of the present invention;
fig. 6 is a flowchart of data packet input processing in a communication process according to an embodiment of the present invention.
Detailed Description
The implementation of the invention needs to be integrated in an embedded hardware platform, named as an electric vehicle information security gateway, and the relationship between the electric vehicle information security gateway and a vehicle-mounted information system and an in-vehicle ECU is shown in FIG. 1. The electric vehicle information security gateway transplants an embedded operating system on software, writes CAN driving codes by a TCP-IP protocol stack, and enables the electric vehicle information security gateway to realize the functions of CAN communication and Ethernet communication.
As shown in fig. 2, a security layer is implemented between the application layer and the transport layer. The security layer mainly comprises a handshake process during communication establishment and a datagram transmission process during communication. Application layer data (step 21) is sent from the application layer to the security layer (22) and after security layer processing to the transport layer (23).
As shown in fig. 3, when a communication initiator (hereinafter, referred to as a client) and a communication responder (hereinafter, referred to as a server) start communication, a handshake protocol is implemented. The handshake protocol mainly completes the functions of identity authentication and key agreement. The identities of the two communication parties are identified by a respective pair of asymmetric keys, namely, the Client is identified by a public key (Client _ pubkey) and a private key (Client _ key), and the Server is identified by a public key (Server _ pubkey) and a private key (Server _ key). In the whole passing process, a pair of third-party asymmetric keys (Trust _ Public _ key and Trust _ private _ key) which are trusted by both parties exists, any other asymmetric key mean value signed by the Trust _ private _ key is trusted, and all nodes in the communication system have the Trust _ Public _ key.
Firstly, the Client sends Client _ hello to the server (step 31), the main message contents contained are a Random number Random _ c, a session ID, a signature generated by acting a Client private key on the Random number (Client _ key (Random _ c)), and a signature generated by acting a third party private key on a Client public key (Trust _ private _ key) (Client _ pubkey), after the server receives the message sent by the Client, using Trust _ Public _ key to carry out signature authentication on Trust _ private _ key (Client _ pubkey) to obtain Client _ pubkey, then, the Client _ private (Random _ c) is used for signature authentication to obtain the Random _ c, if the computed Random _ c is consistent with the received Random _ c, the identity of the client is trustworthy, and the server caches a public key, a Random number and an ID number of the client; otherwise, sending the identity authentication fatal error message and disconnecting the connection.
In step 33, the Server sends Server _ prekey _ exchange to the client. The server generates a pre-key, encrypts the pre-key by using a public key of the Client, sends Client _ pubkey (pre) to the Client, and calculates a Master key by taking Random _ c, Random _ s and pre as factors.
And step 34, the Client sends the Client _ mask _ verify to the server. After receiving the Server _ prekey _ exchange message, the client decrypts the message by using a private key of the client to obtain prekey, the client calculates a Master key Master _ key by using Random _ c, Random _ s and prekey as factors, then acts on the Master _ key through an MD5 hash algorithm to calculate an MAC, encrypts the MAC by using a public key of the Server, and sends the Server _ pubkey (MAC) to the Server.
In step 35, the server sends a handsake _ done to the client. After receiving the Client _ mask _ verify message, the server decrypts the message by using a private key of the server to obtain an MAC value, then calculates the MAC value of the Master _ key of the server through an MD5 algorithm, and if the 2 MAC values are the same, the Client and the Master _ key of the server are the same. Then sending the Client _ pubkey (MAC) as a message of the Handshake _ done to the Client; otherwise, sending a key error message and disconnecting the connection. After receiving the Handshake _ done message, the client decrypts the message by using a private key of the client to obtain the MAC, and if the MAC is consistent with the MAC sent by the client, the main keys of the client and the MAC are the same. At this point, both communication parties complete the work of identity authentication and key agreement.
The calculation method of the master key refers to an MD5 algorithm. The Master _ key is composed of three parts, namely a Master _ key1, a Master _ key2 and a Master _ key3, and each part is 128 bits. The calculation formula is as follows:
Master_key1=MD5(Random_c+Random_s+prekey);
Master_key2=MD5(Random_c+Random_s+Master_key1);
Master_key3=MD5(Random_c+Random_s+Master_key2);
the symmetric encryption algorithm used in the data transmission process is a 3DES algorithm, and the integrity check algorithm is an MD5 algorithm. The initialization vector IV of the 3DES encryption algorithm is the first 64 bits of the Master _ key1, the key 3Deskey of the 3DES encryption algorithm is the last 64 bits of the Master _ key1 plus the Master _ key2, and the total number is 192 bits; the MAC key of the MD5 algorithm is Master _ key3, which has 128 bits.
And an output message processing mode: after the two communicating parties complete the handshake (step 41), as shown in fig. 4, one party waits for data to pass down from the application layer. When there is data to send (step 42), the sender queries the MAC key of the MD5 algorithm, the IV of the 3DES algorithm, and the key 3Deskey according to the ID number in the handshake procedure. The MAC value is calculated from the MAC key and the MD5 algorithm and added to the message header (step 43). The message after the MAC is added is then encrypted using the 3DES algorithm (step 44), and a security layer message header is then added, including a type field, a length field, and an ID field (step 45). The type field stores the type of the message, including handshake type, fatal error type, data type, wherein the fatal type error is divided into identity authentication error, MAC/decryption error, session ID error, closing connection. The length field refers to the total length of the header and the data of the security layer message. The ID field is the ID number of the communication of the sender and the receiver, the ID number generated in the handshake phase, and the key binding of the communication. Finally, the Security layer message is sent to the transport layer (step 46).
The structure of a data message entering the transport layer from the security layer or entering the security layer from the transport layer is shown in fig. 5.
The processing mode of the input message is shown in fig. 6: the receiving party waits for data to arrive (step 600), when receiving data from the transport layer, the receiving party firstly checks the type (step 601), if the data is data of handshake type, then enters handshake flow processing (step 603); if the data is error type data, the receiving party records the error reason (step 602), wherein the connection closing is normal closing, the identity authentication error, the MAC/decryption error and the session ID error are errors in the two-party communication, then the communication connection is closed (step 604), and resources such as a session ID number and a secret key are released; if the data type is the data type, the application data receiving processing procedure is entered. After entering the application data receiving process, firstly checking the session ID (step 605), if the session ID number does not exist, the receiver sends a session ID error message to the sender (step 610), and the receiver closes the connection (step 604); if a session ID number exists, then the corresponding key is queried based on the session ID number (step 606). The received data message is decrypted by using the queried IV and 3Deskey of the 3DES algorithm (step 607), so as to obtain a datagram plaintext and a MAC value, and the integrity of the plaintext is checked by using the MD5 algorithm and the MAC key, so as to calculate the MAC value (step 608). Comparing the received MAC value with the calculated MAC value (step 609), if the two MAC values are different, the receiving side sends MAC/decryption error information to the sending side (step 610), and then the connection is closed (step 604); if the two MAC values are the same, the data packet of the security layer is passed to the application layer for processing (step 611).
Through the above description of the embodiments, it is clear to those skilled in the art that the above embodiments can be implemented directly by hardware algorithm modules, or implemented by necessary software on a hardware platform. With this understanding, the technical solutions of the embodiments can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.), and includes several instructions for enabling a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the methods according to the embodiments of the present invention.
The above description is only for the specific embodiments of the present invention, and not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the protection scope of the present invention.
Claims (6)
1. A method for realizing information security of an electric vehicle is characterized in that a vehicle-mounted information system and an in-vehicle ECU (electronic control unit) are isolated by an electric vehicle information security gateway, the in-vehicle ECU communicates with an information security gateway through a CAN (controller area network) bus, and the information security gateway communicates with the vehicle-mounted information system through Ethernet; the information security gateway and the vehicle-mounted information system are subjected to identity authentication when communication is started, a key is dynamically negotiated after the identity authentication, and the negotiated key is used for carrying out encryption/decryption processing and data integrity verification on interactive data in the communication process; the vehicle-mounted information system is isolated from the ECU in the vehicle through the electric vehicle information security gateway, when the vehicle-mounted information system is communicated with the ECU in the vehicle, identity authentication is firstly carried out on the vehicle-mounted information system and the vehicle-mounted information system, the vehicle-mounted information system is responsible for communicating with the ECU in the vehicle, a public key of the vehicle-mounted information system and a signature of the public key are sent to the information security gateway, the information security gateway decrypts the signature, whether the decrypted public key is consistent with the received original public key or not is verified, if so, the identity authentication is passed, and similarly, the vehicle-mounted information system can carry out identity authentication on the information security gateway; after the identity authentication is passed, the two communication parties negotiate an encryption key and an integrity check key of data communication of the two communication parties through the authenticated asymmetric key, and a session ID number is transmitted and bound with the encryption key and the session ID number in the identity authentication process; when the ECU in the vehicle sends data to the outside, the information security gateway receives the data through the CAN bus, performs integrity authentication on the data, then encrypts the data through a negotiated secret key, and finally transmits the data to the vehicle-mounted information system through the Ethernet interface; when the information security gateway receives data through the Ethernet interface, the data is decrypted first, integrity verification is carried out on the data after decryption, and if verification is passed, the data is sent out through the CAN bus; otherwise, discarding the data; the identity authentication is realized by adopting an asymmetric key with a signature; the signature is realized by a pair of asymmetric keys which are simultaneously trusted by the information security gateway and the vehicle-mounted information system, wherein the private key is used for signing the identities of the two communication parties, and the public key is used for verifying that the identities of the two communication parties are signed; the dynamic negotiation key is encrypted by adopting an RSA encryption algorithm, and the negotiation key comprises a data encryption key and a data integrity check key.
2. The method for realizing the information security of the electric automobile according to claim 1, characterized in that: the identity authentication is that both communication parties need to authenticate own identities through a pair of asymmetric keys, and a task in charge of communication with an electric vehicle information security gateway in a vehicle-mounted information system is identified by a unique pair of asymmetric keys.
3. The method for realizing the information security of the electric automobile according to claim 1, characterized in that: the data encryption method is a 3DES encryption algorithm, the integrity check algorithm is an HMAC-MD5-128 algorithm, when data are output, integrity check calculation is carried out on the data, a head of a data message is added to a calculated MAC value, then the data including the MAC of the head are encrypted by using the 3DES algorithm, head information of a security layer is added after encryption, and then the data are sent to the next layer for processing.
4. The method for realizing the information security of the electric automobile according to claim 3, characterized in that: the next layer refers to the transport layer in the TCP/IP model.
5. The method for realizing the information security of the electric automobile according to claim 4, wherein: the calculation method of the master key refers to an MD5 algorithm, the master key consists of three parts, namely a master key1, a master key2 and a master key3, each part is 128 bits, and the calculation formula is as follows:
master key 1= MD5(Random _ c + Random _ s + prekey);
master key 2= MD5(Random _ c + Random _ s + master key 1);
master key 3= MD5(Random _ c + Random _ s + master key 2);
the Random _ c and the Random _ s are Random numbers, the prekey is used for generating a pre-key for the server, a symmetric encryption algorithm used in the data transmission process is a 3DES algorithm, an integrity check algorithm is an MD5 algorithm, an initialization vector IV of the 3DES encryption algorithm is the first 64 bits of a main key1, and a key 3Deskey of the 3DES encryption algorithm is the last 64 bits of the main key1 plus the main key2, and the total number is 192 bits; the MAC key of the MD5 algorithm is the master key3, for a total of 128 bits.
6. The method for realizing the information security of the electric automobile according to claim 1, characterized in that: when the receiver finds out the identity authentication error and the MAC/decryption error, the receiver needs to send fatal error information to the sender and close the connection.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710391299.1A CN107105060B (en) | 2017-05-27 | 2017-05-27 | Method for realizing information security of electric automobile |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710391299.1A CN107105060B (en) | 2017-05-27 | 2017-05-27 | Method for realizing information security of electric automobile |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107105060A CN107105060A (en) | 2017-08-29 |
CN107105060B true CN107105060B (en) | 2020-12-08 |
Family
ID=59660453
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710391299.1A Active CN107105060B (en) | 2017-05-27 | 2017-05-27 | Method for realizing information security of electric automobile |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107105060B (en) |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107856622A (en) * | 2017-09-22 | 2018-03-30 | 六安市科宇专利技术开发服务有限公司 | A kind of onboard system |
CN107682334B (en) * | 2017-09-30 | 2019-12-31 | 郑州信大捷安信息技术股份有限公司 | OBD interface data safety protection system and data safety protection method |
CN107919955B (en) * | 2017-12-28 | 2021-02-26 | 北京奇虎科技有限公司 | Vehicle network security authentication method, system, vehicle, device and medium |
US10841284B2 (en) * | 2018-05-30 | 2020-11-17 | Lear Corporation | Vehicle communication network and method |
CN109040096A (en) * | 2018-08-22 | 2018-12-18 | 江苏天奇氢电装备有限公司 | CAN bus data acquire cipher processing method and equipment |
CN109765880B (en) * | 2019-01-16 | 2020-07-07 | 江苏徐工信息技术股份有限公司 | MD5 dynamic encryption algorithm-based T-BOX (T-BOX) anti-removal method and system |
CN109803020A (en) * | 2019-01-28 | 2019-05-24 | 北京经纬恒润科技有限公司 | Communication control method, gateway controller, vehicle intelligent terminal controller and system |
CN109951367B (en) * | 2019-03-29 | 2021-06-04 | 重庆长安汽车股份有限公司 | Encryption method for vehicle control protocol of to-be-opened vehicle platform |
CN109917775A (en) * | 2019-04-02 | 2019-06-21 | 东风汽车有限公司 | Automobile security gateway data transmission method and electronic equipment |
CN111835627B (en) * | 2019-04-23 | 2022-04-26 | 华为技术有限公司 | Communication method of vehicle-mounted gateway, vehicle-mounted gateway and intelligent vehicle |
CN110365746A (en) * | 2019-06-24 | 2019-10-22 | 广州艾帝西信息科技有限公司 | A kind of information transferring method and system |
CN110611679A (en) * | 2019-09-25 | 2019-12-24 | 杭州港盛软件科技有限公司 | Data transmission method, device, equipment and system |
CN111224943A (en) * | 2019-11-21 | 2020-06-02 | 天津天睿科技有限公司 | Internet encryption data transmission method |
CN111193732A (en) * | 2019-12-26 | 2020-05-22 | 国汽(北京)智能网联汽车研究院有限公司 | In-vehicle communication method and device and electronic equipment |
CN111077883A (en) * | 2019-12-27 | 2020-04-28 | 国家计算机网络与信息安全管理中心 | Vehicle-mounted network safety protection method and device based on CAN bus |
CN111399885B (en) * | 2020-04-10 | 2022-11-29 | 东风小康汽车有限公司重庆分公司 | Vehicle component upgrading pushing method and device and computer readable storage medium |
CN113411294A (en) * | 2021-04-30 | 2021-09-17 | 中汽研(天津)汽车工程研究院有限公司 | Vehicle-mounted secure communication method, system and device based on secure cloud public key protection |
CN113542428B (en) * | 2021-07-29 | 2022-08-02 | 中国第一汽车股份有限公司 | Vehicle data uploading method and device, vehicle, system and storage medium |
CN113960978A (en) * | 2021-09-29 | 2022-01-21 | 岚图汽车科技有限公司 | Vehicle diagnosis method, device and storage medium |
CN114547703A (en) * | 2022-04-25 | 2022-05-27 | 浙江中控研究院有限公司 | Embedded safety communication method and system based on safety isolation module |
CN115883130A (en) * | 2022-10-24 | 2023-03-31 | 广州大学 | Vehicle-mounted ECU identity authentication method through secret key |
CN117614624A (en) * | 2023-12-21 | 2024-02-27 | 长春大学 | Identity authentication security trust method based on key agreement in Internet of vehicles |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7602915B2 (en) * | 2004-04-28 | 2009-10-13 | Denso Corporation | Communication system having plurality of nodes sharing a common cipher key, cipher key dispatching apparatus for use in the system, and anti-theft apparatus utilizing information derived from cipher key utilization |
CN105187376A (en) * | 2015-06-16 | 2015-12-23 | 西安电子科技大学 | Safe communication method of internal automobile network in Telematics |
CN105763403A (en) * | 2014-12-15 | 2016-07-13 | 中华汽车工业股份有限公司 | Vehicle-mounted control area network system |
CN105871830A (en) * | 2016-03-28 | 2016-08-17 | 成都信息工程大学 | Firewall of vehicle-mounted information system of automobile |
CN106101111A (en) * | 2016-06-24 | 2016-11-09 | 郑州信大捷安信息技术股份有限公司 | Vehicle electronics safe communication system and communication means |
CN106357681A (en) * | 2016-11-02 | 2017-01-25 | 合肥工业大学 | Security access and secret communication method of vehicle-mounted remote diagnostic services |
CN106685985A (en) * | 2017-01-17 | 2017-05-17 | 同济大学 | Vehicle remote diagnosis system and method based on information safety technology |
-
2017
- 2017-05-27 CN CN201710391299.1A patent/CN107105060B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7602915B2 (en) * | 2004-04-28 | 2009-10-13 | Denso Corporation | Communication system having plurality of nodes sharing a common cipher key, cipher key dispatching apparatus for use in the system, and anti-theft apparatus utilizing information derived from cipher key utilization |
CN105763403A (en) * | 2014-12-15 | 2016-07-13 | 中华汽车工业股份有限公司 | Vehicle-mounted control area network system |
CN105187376A (en) * | 2015-06-16 | 2015-12-23 | 西安电子科技大学 | Safe communication method of internal automobile network in Telematics |
CN105871830A (en) * | 2016-03-28 | 2016-08-17 | 成都信息工程大学 | Firewall of vehicle-mounted information system of automobile |
CN106101111A (en) * | 2016-06-24 | 2016-11-09 | 郑州信大捷安信息技术股份有限公司 | Vehicle electronics safe communication system and communication means |
CN106357681A (en) * | 2016-11-02 | 2017-01-25 | 合肥工业大学 | Security access and secret communication method of vehicle-mounted remote diagnostic services |
CN106685985A (en) * | 2017-01-17 | 2017-05-17 | 同济大学 | Vehicle remote diagnosis system and method based on information safety technology |
Also Published As
Publication number | Publication date |
---|---|
CN107105060A (en) | 2017-08-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107105060B (en) | Method for realizing information security of electric automobile | |
CN114154135B (en) | Internet of vehicles communication security authentication method, system and equipment based on state cryptographic algorithm | |
CN107846395B (en) | Method, system, medium, and vehicle for securing communications on a vehicle bus | |
Hazem et al. | Lcap-a lightweight can authentication protocol for securing in-vehicle networks | |
CN107040513B (en) | Trusted access authentication processing method, user terminal and server | |
Wang et al. | NOTSA: Novel OBU with three-level security architecture for internet of vehicles | |
US20090019528A1 (en) | Method for realizing network access authentication | |
CN104618120A (en) | Digital signature method for escrowing private key of mobile terminal | |
US20070101159A1 (en) | Total exchange session security | |
CN112235235A (en) | SDP authentication protocol implementation method based on state cryptographic algorithm | |
CN113225352B (en) | Data transmission method and device, electronic equipment and storage medium | |
WO2013081441A1 (en) | A system and method for establishing mutual remote attestation in internet protocol security (ipsec) based virtual private network (vpn) | |
CN114867014B (en) | Internet of vehicles access control method, system, medium, equipment and terminal | |
CN112636923B (en) | Engineering machinery CAN equipment identity authentication method and system | |
KR101481403B1 (en) | Data certification and acquisition method for vehicle | |
CN110266485B (en) | Internet of things safety communication control method based on NB-IoT | |
CN110611679A (en) | Data transmission method, device, equipment and system | |
CN113163375B (en) | Air certificate issuing method and system based on NB-IoT communication module | |
US8356175B2 (en) | Methods and apparatus to perform associated security protocol extensions | |
Park et al. | A secure communication method for canbus | |
CN110996301B (en) | Human-vehicle interaction system design and implementation method based on zero-knowledge identity authentication | |
CN114650181B (en) | E-mail encryption and decryption method, system, equipment and computer readable storage medium | |
CN113242214B (en) | Device, system and method for encryption authentication between boards of power secondary equipment | |
CN114065170A (en) | Method and device for acquiring platform identity certificate and server | |
Wu et al. | Security design of OTA upgrade for intelligent connected vehicle |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |